CVE-2021-20310
Description
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this vulnerability is to system availability.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.396
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-20309,CVE-2021-20310,CVE-2021-20311,CVE-2021-20312,CVE-2021-20313 are affected in Imagemagic (x64) 7.0.9.0(x64) | Windows |
| Vulnerabilities CVE-2021-20309,CVE-2021-20310,CVE-2021-20311,CVE-2021-20312,CVE-2021-20313 are affected in Imagemagick 7.0.9.0 | Windows |
| Multiple Vulnerabilities are affected in ImageMagick 7.0.10 | Windows |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234